Abstract

We propose a new scheme for authenticating streamed data delivered in real-time over an insecure network. The difficulty of signing live streams is twofold. First, authentication must be efficient so the stream can be processed without delay. Secondly, authentication must be possible even if some packets in the sequence are missing. Streams of audio or video provide a good example. They must be processed in real-time and are commonly exchanged over UDP, with no guarantee that every packet will be delivered. Existing solutions to the problem of signing streams have been designed to resist worst-case packet loss. In practice however, network loss is not malicious but occurs in patterns of consecutive packets known as bursts. Based on this realistic model of network loss, we propose an authentication scheme for streams which achieves better performance as well as much lower communication overhead than existing solutions. We have implemented our constructions as plug-ins to the RealSystem platform from Real Networks to authenticate audio and video streams.